New Microsoft Word Zero-Day Used in Targeted Attacks

While the reported attacks are targeting Microsoft Word 2010, other software products affected by the vulnerability include: Microsoft Word 2003, Microsoft Word 2007, Microsoft Word 2013, Microsoft Word Viewer and Microsoft Office for Mac 2011.

Microsoft did not share any details on the attacks that leveraged the vulnerability, but did credit Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team for reporting it to Microsoft.

As an initial workaround until the bug is patches, Microsoft is providing a Fix it automated tool which uses Office’s file block feature and adds few registry keys to prevent opening of RTF files in all Word versions.